Back to articles
Kieran Murphy
read
SHARE
SUBSCRIBE

Subscribe to our Blog

The malware contains coding which allows the attacker to access the table within the database and recover the encrypted payment card data.

Detection

You can detect the malicious code by looking for the following within your website’s directory:

The file containing the code was called Mage.php and was located within the web root under /app/ (Note that this is a legitimate file. Presence of this file alone doesn't indicate you've been compromised, only if it's been modified), and the table name in this case was ‘catalog_product_index_price_tmp_idx’. The naming convention of the table is similar in nature to those already in existence.

Again, this is Magento specific although other instances may not be identical to this.

Alternatively, our Vngo Alert solution would also detect this malicious file for Magento or malicious files in other platforms. You can sign up for a free trial to detect the malware here.

We are still finding out the details of this malicious code, and will add more information in the coming weeks.

Scan your site with FGX-Web

Foregenix have recently identified malware that is specifically aimed at the Magento eCommerce platform. The malicious code which is obfuscated on several layers, once inserted in to a php file, creates a table within the MySQL database which then encrypts payment card details and stores them within the newly created table.

Contact Us

Access cybersecurity advisory services

 

Speak With Us

TAGS:

Magento

Kieran Murphy
Kieran Murphy

See All Articles

Related Content

SEE ALL ARTICLES
Steganography, Hidden Customer and Cardholder Data in JPG Files: How to Prevent It

Nov 23, 2023
The Resurgence of Magecart Attacks: Modern Techniques to Evade Detection

Nov 02, 2023
eCommerce Cyber ThreatScape - June 2023

Jun 07, 2023
SUBSCRIBE

Subscribe to our blog

Security never stops. Get the most up-to-date information by subscribing to the Foregenix blog.